Vulnerability Description
The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks
CVSS Score
5.4
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wp Fevents Book Project | Wp Fevents Book | <= 0.46 |
References
- https://wpscan.com/vulnerability/87ce3c59-b234-47bf-abca-e690b53bbe82ExploitThird Party Advisory
- https://wpscan.com/vulnerability/87ce3c59-b234-47bf-abca-e690b53bbe82ExploitThird Party Advisory
FAQ
What is CVE-2023-1126?
CVE-2023-1126 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks
How severe is CVE-2023-1126?
CVE-2023-1126 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-1126?
Check the references section above for vendor advisories and patch information. Affected products include: Wp Fevents Book Project Wp Fevents Book.